General

  • Target

    97178f14cedd268cb8f57a8405b50c5715832050502abc75e5a94e6423ad8208.exe

  • Size

    229KB

  • Sample

    241019-ch3b5szhme

  • MD5

    3d70a1184d7194dc0bed6dc4ecc80348

  • SHA1

    8691090e023f61cecb33803d55f3dd012bf974e2

  • SHA256

    97178f14cedd268cb8f57a8405b50c5715832050502abc75e5a94e6423ad8208

  • SHA512

    ac0c50e0ef410185ea285297e540328e5d892c43c6066eb2cf805825eac36c405b9dee8d0620774f0abd8f02cee3be68fa5062ecbb50d84efbafb4ece3e6084e

  • SSDEEP

    6144:YKRHGdv+l83h6bwlv9zOShvTzuuC++gY5Pjh7iM8avlt:Lmd5xWwlvYStTLC++gY5Pjh7iM8avl

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes
  • id

    364

  • token

    xehook364240207519384

Targets

    • Target

      97178f14cedd268cb8f57a8405b50c5715832050502abc75e5a94e6423ad8208.exe

    • Size

      229KB

    • MD5

      3d70a1184d7194dc0bed6dc4ecc80348

    • SHA1

      8691090e023f61cecb33803d55f3dd012bf974e2

    • SHA256

      97178f14cedd268cb8f57a8405b50c5715832050502abc75e5a94e6423ad8208

    • SHA512

      ac0c50e0ef410185ea285297e540328e5d892c43c6066eb2cf805825eac36c405b9dee8d0620774f0abd8f02cee3be68fa5062ecbb50d84efbafb4ece3e6084e

    • SSDEEP

      6144:YKRHGdv+l83h6bwlv9zOShvTzuuC++gY5Pjh7iM8avlt:Lmd5xWwlvYStTLC++gY5Pjh7iM8avl

    • Xehook stealer

      Xehook is an infostealer written in C#.

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks